In-Vehicle Communication Cyber Security: Challenges and Solutions

In-vehicle communication has become an integral part of today’s driving environment considering the growing add-ons of sensor-centric communication and computing devices inside a vehicle for a range of purposes including vehicle monitoring, physical wiring reduction, and driving efficiency. However, related literature on cyber security for in-vehicle communication systems is still lacking potential dedicated solutions for in-vehicle cyber risks. Existing solutions are mainly relying on protocol-specific security techniques and lacking an overall security framework for in-vehicle communication. In this context, this paper critically explores the literature on cyber security for in-vehicle communication focusing on technical architecture, methodologies, challenges, and possible solutions. In-vehicle communication network architecture is presented considering key components, interfaces, and related technologies. The protocols for in-vehicle communication have been classified based on their characteristics, and usage type. Security solutions for in-vehicle communication have been critically reviewed considering machine learning, cryptography, and port-centric techniques. A multi-layer secure framework is also developed as a protocol and use case-independent in-vehicle communication solution. Finally, open challenges and future dimensions of research for in-vehicle communication cyber security are highlighted as observations and recommendations.


Introduction
The current era is the witness of tremendous development in in-vehicle automotive technologies since modern intelligent vehicles can be considered cyber-physical systems with excellent capabilities to connect with external infrastructures [1]. The in-vehicle technology enabled modern intelligent vehicles should not be perceived similar to mechanical systems, but the integrated architecture consists of million lines of complex code to provide various real-time information to vehicle occupants. Current advancements in in-vehicle communication technologies enable the more refined in-vehicle dashboard centric communications including with smart phone, sensors, earphone or laptop, and roadside units (see Figure 1). The embedded hardware enabled in-vehicle short range communications need urgent attentions considering cyber security risks [2]. Recently, we can see a high inclination in research trends towards secure in-vehicle network architectures. Researchers are developing new protocols, and the development of new smart applications are the outcome of this growth [3]. There is an urgent need for the development of efficient protocols for automotive industries which should be fully compatible with current trends and technologies [4]. Next, Figure 1 illustrates the in-vehicle communication security scenarios with security threats.
protocols for automotive industries which should be fully compatible with current tr and technologies [4]. Next, Figure 1 illustrates the in-vehicle communication security narios with security threats. The advanced in-vehicle functionality in modern intelligent vehicles is provide electronic control units (ECUs) equipped with the vehicles. Further, these units are nected via serial buses. Controller Area Network (CAN) protocol is responsible for m taining effective in-vehicle communication among these modules in modern intell vehicles [5]. It is a fact that modern in-vehicle technology enabled intelligent vehicles smart connectivity and computerization have various unique features such as enha road safety, connectivity with the outside world, many new services for enhancin customer experience, etc. However, on the other aspects, these connected smart fea have paved the way for hackers to hijack vehicles functionalities, since these feature exposing the vehicle to possible attacks. Hackers may open a new attack surface b cessing the electronic in-vehicle components of modern intelligent vehicles [6].
The existing protocols of the in-vehicle network have various vulnerabilities, su ID-based arbitration mechanism for contention resolution, unavailability of messag thentication and encryption, etc. [7]. There is an urgent requirement for the securi modern intelligent vehicles since adversaries may use existing vulnerabilities and a the modern intelligent vehicle which may lead to hazards to life and damage to the ve on the road. Recent decades are witness of advancements in technology for modern s intelligent vehicles as well as self-driving vehicles. The modern automotive indus have seen several breakthroughs due to enhanced connectivity, and significant dev ment towards communication channels and access points. On the other hand, thes velopments open the door for new challenges consisting of security and privacy of The advanced in-vehicle functionality in modern intelligent vehicles is provided by electronic control units (ECUs) equipped with the vehicles. Further, these units are connected via serial buses. Controller Area Network (CAN) protocol is responsible for maintaining effective in-vehicle communication among these modules in modern intelligent vehicles [5]. It is a fact that modern in-vehicle technology enabled intelligent vehicles with smart connectivity and computerization have various unique features such as enhanced road safety, connectivity with the outside world, many new services for enhancing the customer experience, etc. However, on the other aspects, these connected smart features have paved the way for hackers to hijack vehicles functionalities, since these features are exposing the vehicle to possible attacks. Hackers may open a new attack surface by accessing the electronic in-vehicle components of modern intelligent vehicles [6].
The existing protocols of the in-vehicle network have various vulnerabilities, such as ID-based arbitration mechanism for contention resolution, unavailability of message authentication and encryption, etc. [7]. There is an urgent requirement for the security of modern intelligent vehicles since adversaries may use existing vulnerabilities and attack the modern intelligent vehicle which may lead to hazards to life and damage to the vehicle on the road. Recent decades are witness of advancements in technology for modern smart intelligent vehicles as well as self-driving vehicles. The modern automotive industries have seen several breakthroughs due to enhanced connectivity, and significant development towards communication channels and access points. On the other hand, these developments open the door for new challenges consisting of security and privacy of data [8]. The safety of life is at the stake due to these cyber security vulnerabilities. Since modern connected vehicles are growing with efficient communication capabilities and sharing critical safety-related information with nearby vehicles as well as with infrastructure around in real-time [9]. This growth is responsible for dynamic and rapid change in the automotive cyber security environment. The cyber security issues should be handled with utmost priority with the detection of any vulnerabilities at the earliest possible time. Cyber security issues may jeopardize modern intelligent vehicles on roads [10,11].
Artificial Intelligence (AI) and Machine Learning (ML) techniques have been used for solving a variety of in-vehicle domain issues [12]. Currently, these techniques have transpired as a reasonable solution for complex application domains. One of the complex application domains is the security of in-vehicle networks [13]. Recently, research innovations have shown that ML-based schemes can effectively address security issues in in-vehicle networks [14]. Since the modern intelligent vehicle network consists of wireless communication between vehicles or infrastructure and increased connectivity has widened the security holes thereby making it vulnerable to a large number of different types of attacks [15]. Additionally, various researchers have significantly contributed in this direction by utilizing machine learning techniques and their variants for developing security frameworks to identify potential attacks and guard against several security-related issues in modern vehicular networks [16]. In the past, cryptographic approaches have been used to propose solutions to handle various types of security issues. For authentication in in-vehicle networks, some traditional authentication techniques include biometric security techniques, key-based authentication, and password protection, etc. The main limitation of cryptographic approaches in handling security issues of in-vehicle networks is low accuracy in validating whether the transferred value is real or spoofed. Additionally, cryptographic approaches are generally implemented in low-powered vehicle security systems [17].
In this context, this paper presents a critical survey of in-vehicle communication focusing on following research questions: • What are the main components of in-vehicle network? • Why there is a need to secure in-vehicle network environment? • Which are the main approaches for securing the in-vehicle network? • What kind of challenges exist in securing the in-vehicle network? • Where the future research on in-vehicle cybernetics will move forward?
It first identifies the broad categories of attacks on in-vehicular system. These attacks are classified into four major categories as sensor initiated, infotainment initiated, telematics initiated, and direct interface initiated. Then, we investigate and summarize the available defenses against these in-vehicle cyber-attacks and classify them into two major categories including machine learning-based approaches and cryptography-based approaches. We provide detailed survey and comparison of cryptographic approaches as well as machine learning approaches for designing security solutions against several cyber threats on in-vehicular system. We have developed multi-layered in-vehicle security framework. Open research challenges and future directions for preventing attacks on in-vehicle network systems have been discussed. We are sure that this systematic survey provides the foundation stone about in-vehicle networks' attacks and security solutions based on machine leaning as well as cryptography techniques and it is therefore will play a crucial role in serving as a groundwork and point of reference for variety of stakeholders with different levels. The contribution can be summarized as below: 1.
In-vehicle communication network architecture is presented considering key components, interfaces, and related technologies.

2.
The protocols for in-vehicle communication have been classified based on their characteristics, and usage type.

3.
Security solutions for in-vehicle communication have been critically reviewed considering machine learning, cryptography, and port centric techniques.

4.
A multi-layer secure framework is also developed as a protocol and use case independent in-vehicle communication solution.

5.
Finally, open challenges, and future dimension of research for in-vehicle communication cyber security is highlighted as observation and recommendation.

Internal Configuration of Electronic Control Units
Critical information is exchanged among different electronic control units (ECUs) installed in the vehicle. In advanced modern vehicles, as the number of ECUs increases, the complexity level in in-vehicle networks also increases since each distinct component are having different requirements in terms of bandwidth and latency. The number of ECUs is continuously rising in modern intelligent vehicles to enable the modern advanced vehicle with a variety of new functionality for safety, security, convenience, etc. Additionally, for the interconnections of a large number of ECUs, several in-vehicle protocols have been developed and research is still going on with more advanced features. Additionally, ECUs are usually connected with more than one bus network due to their diversified functionality including controlling and monitoring the vehicle [18]. Figure 2 demonstrates the internal configuration of ECU in detail.

4.
A multi-layer secure framework is also developed as a protocol and use case independent in-vehicle communication solution. 5. Finally, open challenges, and future dimension of research for in-vehicle communication cyber security is highlighted as observation and recommendation.
The rest of the paper is organized in following sections. Sections 2 presents the architecture and components of in-vehicular communication system. Section 3 briefly describes the classification and characteristics of in-vehicle automotive protocols. Section 4 illustrates the broad classification of attacks on in-vehicle communication system. A comprehensive survey of security solutions for in-vehicle network against malicious threats is presented in Section 5. A multi-layered in-vehicle security framework is proposed in Section 6. Open challenges and future research directions are highlighted in Section 7, followed by conclusions in Section 8.

Architecture and Components of In-Vehicular System
In-vehicle networks (IVNs) are an emerging research field in modern vehicular networks. The in-vehicle network architecture consists of several core components , namely Sensor Domain consisting of high precision sensors, Chassis Domain, Infotainment Domain, Telematics Domain, Powertrain Domain, etc. For effective communication between these core components of in-vehicle networks, protocols play a major role such as Ethernet, FlexRay, and Controller Area Network (CAN), etc. The rapid growth in connectivity among transportation facilities integrated with modern advanced technologies, for example, V2X-communications, have resulted in widening the security holes and subsequently, attackers can get access to the in-vehicle network.

Internal Configuration of Electronic Control Units
Critical information is exchanged among different electronic control units (ECUs) installed in the vehicle. In advanced modern vehicles, as the number of ECUs increases, the complexity level in in-vehicle networks also increases since each distinct component are having different requirements in terms of bandwidth and latency. The number of ECUs is continuously rising in modern intelligent vehicles to enable the modern advanced vehicle with a variety of new functionality for safety, security, convenience, etc. Additionally, for the interconnections of a large number of ECUs, several in-vehicle protocols have been developed and research is still going on with more advanced features. Additionally, ECUs are usually connected with more than one bus network due to their diversified functionality including controlling and monitoring the vehicle [18]. Figure 2 demonstrates the internal configuration of ECU in detail.

In-Vehicle Network Architecture
In-vehicle networks which are also known as internal communication networks are responsible for interconnecting various components inside modern intelligent vehicles. ECUs, gateways, sensors, actuators, etc. are considered the main core components inside  [19]. Figure 3 presents the general architecture of in-vehicle network.

In-Vehicle Network Architecture
In-vehicle networks which are also known as internal communication networks are responsible for interconnecting various components inside modern intelligent vehicles. ECUs, gateways, sensors, actuators, etc. are considered the main core components inside modern intelligent vehicles. Additionally, the modern intelligent vehicle has various units , namely Telematics Domain, Infotainment Domain, Chassis Domain, Powertrain Domain, Body Domain and Sensor Domain, etc. Sensors give inputs to these electronic units for further computation [19]. Figure 3 presents the general architecture of in-vehicle network.  It is a fact that tiny sensors are the backbone of modern intelligent vehicles since sensors typically recognize and immediately report the problem for resolution example including service due, component fault, etc. Sensors observe various key events such as car speed, fuel, temperature, speed of crankshaft's rotation, tire pressure, oxygen ratio in the exhaust gases, air density in the engine, etc. therefore tiny sensors should have high standards, such as precision, resolution, sensitivity, accuracy, low power consumption with less noise. The observation and reporting of these events help in the early detection of the problem and result in the prevention of vehicle damage. Autonomous vehicles have sensors of different types ranging from electric, mechanical, optical, sound, image, and light sensors, etc.

Classification of In-Vehicle Network Architecture
The in-vehicle network architecture can be classified into three types. The first classification consists of the central gateway and this type of architecture is known as distributed electrical and electronics(E/E) type. In the second classification, multiple operational domains are connected via a central gateway and this type of architecture is known as the domain-centralized electricals and electronics(E/E) type. The third type of in-vehicle network architecture is known as future E/E architecture or zonal architecture. This architecture has a centralized high-performance computing unit (HPCU) which is useful in reducing the complexity of previously existing two architectures [20]. Figure 4 illustrates the distributed electrical and electronics (E/E) architecture. It is a fact that tiny sensors are the backbone of modern intelligent vehicles since sensors typically recognize and immediately report the problem for resolution example including service due, component fault, etc. Sensors observe various key events such as car speed, fuel, temperature, speed of crankshaft's rotation, tire pressure, oxygen ratio in the exhaust gases, air density in the engine, etc. therefore tiny sensors should have high standards, such as precision, resolution, sensitivity, accuracy, low power consumption with less noise. The observation and reporting of these events help in the early detection of the problem and result in the prevention of vehicle damage. Autonomous vehicles have sensors of different types ranging from electric, mechanical, optical, sound, image, and light sensors, etc.

Classification of In-Vehicle Network Architecture
The in-vehicle network architecture can be classified into three types. The first classification consists of the central gateway and this type of architecture is known as distributed electrical and electronics(E/E) type. In the second classification, multiple operational domains are connected via a central gateway and this type of architecture is known as the domain-centralized electricals and electronics(E/E) type. The third type of in-vehicle network architecture is known as future E/E architecture or zonal architecture. This architecture has a centralized high-performance computing unit (HPCU) which is useful in reducing the complexity of previously existing two architectures [20]. Figure 4 illustrates the distributed electrical and electronics (E/E) architecture.
The two main components of this architecture are function-specific ECUs along with central gateway. The controller area network (CAN) bus is used for the interconnection. A strong collaboration among the ECUs can be achieved with the help of the central gateway. Therefore, complex functions, such as cross-functional connections as well as adaptive cruise control, can be executed efficiently in this type of architecture with the help of a centralized gateway. The two main components of this architecture are function-specific ECUs along with central gateway. The controller area network (CAN) bus is used for the interconnection. A strong collaboration among the ECUs can be achieved with the help of the central gateway. Therefore, complex functions, such as cross-functional connections as well as adaptive cruise control, can be executed efficiently in this type of architecture with the help of a centralized gateway.
The main limitation of electrical and electronics(E/E) type in-vehicle network architecture is increased communication overhead since different ECUs communicate via a central gateway. For addressing this limitation, an architecture was developed based on several functional domains for in-vehicle network architecture in which different functional/operational domains are interconnected via the central gateway. Additionally, the communication load on the central gateway is significantly reduced since the majority of communication happens within these operational/functional domains themselves. This architecture has scalable capability because more functional domains can be added easily [21].
In this architecture also, the central gateway plays a crucial role. The main feature of this type of architecture is the use of function-specific automotive ECUs and domain-specific ECUs. Additionally, through CAN bus and Ethernet connections, function-specific automotive ECUs are connected to domain-specific ECUs. This architecture is much more efficient than the previous architecture in terms of handling stringent complex functions. With the help of the consolidation of functions. Domain centralized architecture has become extremely elaborate over time. The autonomous driving feature requires a large number of sensors and actuators which results in higher data processing and bandwidth requirements, and subsequently, the architecture becomes more complex in these scenarios. Figure 5 depicts the domain centralized E/E architecture [22]. The main limitation of electrical and electronics(E/E) type in-vehicle network architecture is increased communication overhead since different ECUs communicate via a central gateway. For addressing this limitation, an architecture was developed based on several functional domains for in-vehicle network architecture in which different functional/operational domains are interconnected via the central gateway. Additionally, the communication load on the central gateway is significantly reduced since the majority of communication happens within these operational/functional domains themselves. This architecture has scalable capability because more functional domains can be added easily [21].
In this architecture also, the central gateway plays a crucial role. The main feature of this type of architecture is the use of function-specific automotive ECUs and domainspecific ECUs. Additionally, through CAN bus and Ethernet connections, function-specific automotive ECUs are connected to domain-specific ECUs. This architecture is much more efficient than the previous architecture in terms of handling stringent complex functions. With the help of the consolidation of functions. Domain centralized architecture has become extremely elaborate over time. The autonomous driving feature requires a large number of sensors and actuators which results in higher data processing and bandwidth requirements, and subsequently, the architecture becomes more complex in these scenarios. Figure 5 depicts the domain centralized E/E architecture [22].
The third type of in-vehicle architecture is futuristic architecture also known as zonal architecture. The architecture reflects futuristic smart vehicle functions as well as technologies with a significant reduction in weight and cost. The three main components of the zonal architecture are function-specific automotive ECUs, HPCU, and zonal ECUs. In this architecture, the central controller is HPCU which is responsible for processing all data received from several different zones of the vehicle. The data is transferred from one zone to another through HPCU which works as a central gateway. To match the high bandwidth and speed requirements for data transmission in the vehicle network, the Ethernet connections are utilized for the connection of the ECUs and HPCU. The unique feature of this futuristic architecture is support for the virtual domain. For HPCU, the two key functionalities are transferring the embedded functions into the cloud and the next feature provides software update/download support over the air (OTA) [23,24]. Figure 6 presents the zonal architecture. The third type of in-vehicle architecture is futuristic architecture also known as zonal architecture. The architecture reflects futuristic smart vehicle functions as well as technologies with a significant reduction in weight and cost. The three main components of the zonal architecture are function-specific automotive ECUs, HPCU, and zonal ECUs. In this architecture, the central controller is HPCU which is responsible for processing all data received from several different zones of the vehicle. The data is transferred from one zone to another through HPCU which works as a central gateway. To match the high bandwidth and speed requirements for data transmission in the vehicle network, the Ethernet connections are utilized for the connection of the ECUs and HPCU. The unique feature of this futuristic architecture is support for the virtual domain. For HPCU, the two key functionalities are transferring the embedded functions into the cloud and the next feature provides software update/download support over the air (OTA) [23,24]. Figure 6 presents the zonal architecture.     The third type of in-vehicle architecture is futuristic architecture also known as zonal architecture. The architecture reflects futuristic smart vehicle functions as well as technologies with a significant reduction in weight and cost. The three main components of the zonal architecture are function-specific automotive ECUs, HPCU, and zonal ECUs. In this architecture, the central controller is HPCU which is responsible for processing all data received from several different zones of the vehicle. The data is transferred from one zone to another through HPCU which works as a central gateway. To match the high bandwidth and speed requirements for data transmission in the vehicle network, the Ethernet connections are utilized for the connection of the ECUs and HPCU. The unique feature of this futuristic architecture is support for the virtual domain. For HPCU, the two key functionalities are transferring the embedded functions into the cloud and the next feature provides software update/download support over the air (OTA) [23,24]. Figure 6 presents the zonal architecture.   The door is open for significant opportunities in the automotive sector by transferring consumer electronics technology and information technology to the automotive sector. The only factor in this transformation is a lot of adaptions. In the current era, rapid changes can be seen in the automotive electronics architecture [25].

Classifications and Characteristics of In-Vehicle Automotive Protocols
In advanced vehicles (electric, hybrid, driverless), stringent real-time information is exchanged among different modules for smooth function of the vehicle and this requirement is fulfilled by the rapid development of various applications of CAN. Other heterogeneous and complex architectures of in-vehicle networks include networks such as Media-Oriented Systems Transport (MOST), FlexRay, Local Interconnect Networks (LIN), and Automotive Ethernet (AE). Table 1 describes the classification of protocols for in-vehicle network communications.

Controller Area Network (CAN)
For in-vehicle communications, the CAN protocol is generally mainly used. CAN packets are transmitted between multiple ECUs through inter-connected buses. The broadcast communications mechanism is used in the CAN protocol. The CAN protocol has various advantages such as simplicity, low network complexity, and reduced wiring costs since CAN utilizes the multiplex wire architecture for eliminating the need of complex excessive wiring for communication among different ECUs. CAN is unable to provide real-time performance which is a crucial factor for applications related to critical security. the CAN protocol is not able to handle security challenges. The lack of authentication mechanism and encryption is considered the main limitation of the CAN protocol. Additionally, the rapid advancement in automotive applications require support from high bandwidth backend protocols but CAN has bandwidth limitations [26].

Local Interconnect Network (LIN)
LIN is a single wire network for connecting sensors and actuators. Reliability of LIN is not up to the mark as compared with CAN thereby it is not suitable for time critical applications. LIN utilizes the parity bits and checksums for detecting the incorrect messages in the network [27].

FlexRay Protocol
FlexRay protocol utilizes two parallel channels for data transmission in synchronous as well as asynchronous mode. FlexRay can be utilized for time critical applications. Although FlexRay has reliability and fault tolerance features, but implementation cost is very high. FlexRay handles logical errors by using checksums and redundancy mechanisms [28].

Media-Oriented Systems Transport (MOST)
The MOST protocol has been developed by domestic digital bus. MOST protocol support synchronous as well as asynchronous mode for data transmission. MOST protocol also support the GPS applications and radio. Although MOST protocols satisfy the infotainment requirements, but MOST protocols failed to provide bandwidth requirements when the requirement is increased exponentially [29].

Automotive Ethernet
This protocol is considered as physical layer standard in the automotive domain. Due to the diversified capability of this protocol, it can be used in more advanced applications in vehicles such as advanced driving assistance systems, etc. The main advantage of this protocol is the reduced wiring cost since it supports switched network technology [30].

Classification of Attacks on In-Vehicle Network System for Possible Entry Points
This paper first identifies the broad categories of attacks on in-vehicular system. These attacks are classified into four major categories as sensor initiated, infotainment initiated, telematics initiated, and direct interface initiated as shown in Figure 7. There are generally two attack vectors, namely wireless access and physical access, attackers are using these attack vectors to get access to the internal networks of the vehicle. External inputs use these interfaces so that ECUs can be exploited. The attackers may use software bugs, the vehicle's remote key (via the internet) and much more to exploit the ECUs easily. The in-vehicle network has several security issues, research is going on to develop an advanced security framework. Wireless networks can be used for exploiting the bus system of the in-vehicle network.
also support the GPS applications and radio. Although MOST protocols satisfy the infotainment requirements, but MOST protocols failed to provide bandwidth requirements when the requirement is increased exponentially [29].

Automotive Ethernet
This protocol is considered as physical layer standard in the automotive domain. Due to the diversified capability of this protocol, it can be used in more advanced applications in vehicles such as advanced driving assistance systems, etc. The main advantage of this protocol is the reduced wiring cost since it supports switched network technology [30].

Classification of Attacks on In-Vehicle Network System for Possible Entry Points
This paper first identifies the broad categories of attacks on in-vehicular system. These attacks are classified into four major categories as sensor initiated, infotainment initiated, telematics initiated, and direct interface initiated as shown in Figure 7. There are generally two attack vectors, namely wireless access and physical access, attackers are using these attack vectors to get access to the internal networks of the vehicle. External inputs use these interfaces so that ECUs can be exploited. The attackers may use software bugs, the vehicle's remote key (via the internet) and much more to exploit the ECUs easily. The in-vehicle network has several security issues, research is going on to develop an advanced security framework. Wireless networks can be used for exploiting the bus system of the in-vehicle network.

Entry points to Smart Vehicles
Smart intelligent vehicles have lots of features due to rapid development in automotive technologies. No security mechanism is sufficient enough to handle all security threats. With tremendous evolution in technology, hackers are also using advanced techniques to hack smart vehicles. There are several entry points to smart vehicles which are listed in Figure 8.

OBD-II Port
This port is used for monitoring various details such as emissions from vehicles, speed, mileage, etc. OBD-II ports are considered the weakest link in the vehicle since the attacker may collect diagnostic data easily and subsequently get success in accessing the in-vehicle network and deployment of malicious programs. Two types of attacks are possible on the OBD-II port, namely an in-vehicle network access attack and a Dongle exploitation attack. In the former attack type, the attacker may utilize an OBD-II port for installing the malicious device in the in-vehicle network with the main objective of obtaining physical access. In the later attack type, dongles are fitted in the OBD-II ports. These dongles can be remotely handled and decrypted by the attacker [31].

Entry points to Smart Vehicles
Smart intelligent vehicles have lots of features due to rapid development in automotive technologies. No security mechanism is sufficient enough to handle all security threats. With tremendous evolution in technology, hackers are also using advanced techniques to hack smart vehicles. There are several entry points to smart vehicles which are listed in Figure 8.

OBD-II Port
This port is used for monitoring various details such as emissions from vehicles, speed, mileage, etc. OBD-II ports are considered the weakest link in the vehicle since the attacker may collect diagnostic data easily and subsequently get success in accessing the in-vehicle network and deployment of malicious programs. Two types of attacks are possible on the OBD-II port , namely an in-vehicle network access attack and a Dongle exploitation attack. In the former attack type, the attacker may utilize an OBD-II port for installing the malicious device in the in-vehicle network with the main objective of obtaining physical access. In the later attack type, dongles are fitted in the OBD-II ports. These dongles can be remotely handled and decrypted by the attacker [31].

USB and Charging Ports
Severe security threats are posed by the use of USB ports in the vehicle. Several examples of severe security threats are reprogramming of the controller processor, installation of several types of malicious codes, network card tampering, and changes in operating system functionalities. Additionally, the malicious codes inside a USB pen drive or CD can be used to hack the infotainment system. After hacking the infotainment system, hackers can easily control other parts of the vehicle such as the braking system and engine control system [32]. During the charging mechanism, Electric Vehicles (EV) are susceptible to several attacks via charging infrastructure. Additionally, the smart grid may be attacked by utilizing a charging system [33].

USB and Charging Ports
Severe security threats are posed by the use of USB ports in the vehicle. Several examples of severe security threats are reprogramming of the controller processor, installation of several types of malicious codes, network card tampering, and changes in operating system functionalities. Additionally, the malicious codes inside a USB pen drive or CD can be used to hack the infotainment system. After hacking the infotainment system, hackers can easily control other parts of the vehicle such as the braking system and engine control system [32]. During the charging mechanism, Electric Vehicles (EV) are susceptible to several attacks via charging infrastructure. Additionally, the smart grid may be attacked by utilizing a charging system [33].

Tire Pressure Monitoring System (TPMS), LiDAR and Keyless Entry Ports
The attacker can use the TPMS for eavesdropping attack to get access to the vehicle network and perform malicious activities. LiDAR and cameras are opening the door for signal jamming attack. For keyless entry attack, the hacker tries to intercept the signal for further capturing and re-directing purposes. There does not exist any adequate mechanism to protect the radio signals hence radio signals transmitted from vehicles' keys can be easily captured by hackers. This area is open to researchers [34].

Buse Network Ports
There does not exist a communication protection mechanism for CAN. This protocol reflects a broadcast nature and therefore each node is intended to receive the frame. This frame is not secured by either MAC or digital signature. Confidential data can be stolen or manipulated in this protocol. The hacker can send fake frames to each node and thereby vehicle may start showing unintended behavior [35].

Vehicular Communication Ports
All the smart vehicles are enabled with Bluetooth with a range of 10 m. The mobile phone can easily get connected with infotainment as well as telematics systems for performing a range of activities such as making calls, streaming music etc. Through Bluetooth, hackers can get full access to vehicles to perform malicious activities [36]. Almost all smart vehicles are enabled with wi-fi. These smart vehicles can be connected to the internet through roadside wi-fi hot spots. The low-security level at the wi-fi hot spot may expose the vehicle to several threats since wi-fi hot spots may have outdated security mechanisms for the connection and hackers can easily target the vehicles through these weak access points [37].
Dedicated Short Range Communication (DSRC) is one of the onboard units. It utilizes radio frequency for communication. It supports short-range communication for the vehicle to infrastructure as well as vehicle-to-vehicle communication. The hacker can easily get access to the vehicle through DSRC and may perform severe undesirable activities [38]. Almost all smart vehicles are equipped with cellular technologies (3 G/4 G/5 G, etc.). These smart vehicles are now capable of vehicle-to-infrastructure as well as vehicle-to-vehicle communication with distances of several miles. hackers can perform two types of attacks, namely jamming and eavesdropping on the cellular networks [39].

Corrective Mechanisms to Port Threats
Several threats due to OBD-II ports can be handled by designing the framework for frame injection tracking which are coming from the OBD-II port. The second strategy can be used for firmware updates by encryption and message signing. The threats due to USB ports can be handled by designing the standard USB security framework since there exist large applications of USB devices and thereby posing severe security vulnerabilities. There are two ways to provide protection against threats due to USB ports; in the first approach, a security certificate should be required by the USB whenever it tries to connect with the internet and subsequently this certificate may give permission to link to the vehicle. In the second approach, the malware/viruses are prevented to access the restricted security area through the USB port. The threats due to electric vehicle charging ports can be handled by utilizing three schemes, namely secure firmware updates, cryptographic signatures, and authentication schemes. To protect the electric vehicle charging infrastructure, Open Charging Point Protocol (OCPP) has been developed for securing charging systems in the smart grid [40].

Related Existing Surveys
The rapid development in advanced automotive technologies leads to prominent growth in smart vehicles manufacturing. The speedy transition towards advanced smart vehicles opens the next door to several security threats therefore in recent years, the researchers are showing more interest in designing new security frameworks for automotive protocols and particularly focused on the CAN. A large number of surveys have been published recently considering security aspects on in-vehicle network. A comprehensive survey is presented by Zeng et al. [41] considering all five protocols used in-vehicle networks. For analyzing the performance of the protocols, they assume specific parameters such as fault tolerance, cost and data transmission ability. Security threats along with appropriate solutions are discussed in this comprehensive survey covering authentication schemes, and physical controlled approach, etc. Further, in [42], a review is presented on solutions for CAN message authentication. Additionally, they analyzed the main requirements needed with aligned to the industry. Next, for improving the CAN security, a survey of proposed solutions is presented in [43]. The survey of proposed solutions also reflects the readiness and maturity for applicability in industry. For increasing the users' safety and comfort a large number of applications have been developed but on the other hand these advanced applications pose new security threats.
Furthermore, Avatefipour et al. [44] presented a survey for describing the current limitations of CAN-bus protocol. They discussed the various different solutions for ensuring the secure communication thereby overcoming the CAN bus limitations. Additionally, a survey of attack scenarios and corresponding solutions for CAN bus is described in [45]. The survey presented the security vulnerabilities in detail owing to absence of authentica-tion and encryption schemes for CAN bus. The survey reflected the fact that transition in technological development of automotive industry is primarily based on the CAN without considering the security factor carefully. Tomlinson et al. [46] presented the survey for CAN intrusion detection. The survey discussed the several methods for intrusion detection while considering all challenges in terms of requirements and practicability. Huynh et al. [47] reviewed several approaches for the protection of automotive applications. The main aim is to recognize the potential gaps for further improvement in performance of automotive applications. Intrusion detection systems are considered as prominent solution for protecting the CAN bus from malicious attacks.
Young et al. [48] presented a very deep survey on IDS approaches. In [49], a detailed survey of security mechanisms is presented with focus on specifically on cryptography and IDS. Wu et al. [50] presented the characteristics and constraints for designing the intrusion detection system (IDS). The detailed survey consists of the several different proposed IDS designs with corresponding limitations. Lokman et al. [51] demonstrated the deep analysis on IDS approaches. For this deep analysis, specific criteria are considered such as statistics, machine learning, frequency, and hybrid model. Bozdal et al. [52] provided the detailed outlook on security issues for CAN bus. They also presented the security vulnerabilities along with attack surface and appropriate corresponding different solutions. In [53], a review is presented with focus on three-layer security framework. The three layers considered are control, communication and sensing level. A detailed analysis is conducted considering attack perspective on security frameworks with focus on enhanced user reliability. Sun et al. [54] presented a broad survey on the security issues and challenges. The survey further illustrates corresponding defense approaches for ensuring security. Karopoulos et al. [55] presented complete survey on in-vehicle IDS. All existing in-vehicle IDS are analyzed and further classified. This paper presents the detailed analysis of security mechanisms on in-vehicle communications.

Security Threats to In-Vehicular Protocols and Countermeasures
Classification of automotive protocols and possible security threats are illustrated in Figure 9. This classification is used as based on further discussion in this subsection.

Security Threats to In-Vehicular Protocols and Countermeasures
Classification of automotive protocols and possible security threats are illustra Figure 9. This classification is used as based on further discussion in this subsection  Figure 9. Classification of automotive protocols and possible security threats.

CAN-Centric Security Threats
Research reports reported on six types of attacks on CAN bus systems , namely off attacks [56], denial of service (DoS) [57], masquerading, injection, eavesdropping replay attacks [58]. The attackers may get knowledge of the CAN frame since CAN f

CAN-Centric Security Threats
Research reports reported on six types of attacks on CAN bus systems, namely bus-off attacks [56], denial of service (DoS) [57], masquerading, injection, eavesdropping, and replay attacks [58]. The attackers may get knowledge of the CAN frame since CAN frames are generally not encrypted and fail to support message authentication thereby attackers may get entry to the network easily, this type of attack is known as a Masquerading attack. Additionally, the broadcasted vehicular CAN messages may be eavesdropped on by the attackers and subsequently, they may break into the in-vehicle networks, this type of attack is known as an eavesdropping attack. Next, the attackers may try to place false signals in the bus system of the vehicle. Through OBD-II ports, the attackers may successfully establish a connection with the in-vehicle system and consequently may try to compromise the ECUs, this type of attack is known as an injection attack. Further, the vehicle's operation in real-time may be hindered by the attacker by constantly re-sending the legitimate frames, this type of attack is known as a replay attack. Furthermore, the attacker may constantly send bits in the identification field and other fields also. This type of attack is known as a bus-off attack. Besides, the attacker may disrupt the normal processing of the in-vehicle communication by constantly delivering the CAN packet with high-priority that block valid packets of low-priority and may take control of the vehicle, this type of attack is known as a DoS attack. The first general guideline to guard against these attacks is to use encryption and authentication of the messages exchanged between ECUs [59].

Survey of Security Solutions Based on Machine Learning Algorithms
In today's world of wireless networks, machine learning (ML) approaches are considered as the most promising choice for handling security-related issues. Researchers are proposing solutions utilizing ML to deal with vehicle security issues. machine learning (ML) approaches have significant advantages as compared with other mechanisms, one of the main important features is to get optimal predictions about several types of attacks. Figure 10 reflects the use of machine learning model in intrusion detection.
For in-vehicle networks, Song et al. [60] designed an efficient intrusion detection framework. Time intervals-based analysis is conducted on the CAN messages in this lightweight framework. The analysis is started by capturing CAN messages from the CAR and performing message injection attacks. The significant insights have been derived in this analysis as attacks on the CAN traffic can be detected by carefully deep analysis of time intervals. Results revealed the fact that this lightweight framework has not been suffering from false-positive errors while detecting all of message injection attacks. Next, Kang et al. [61] designed the deep neural network-based intrusion detection framework for enhancing the security level. From the in-vehicle network packets, feature vectors (probability-based) are extracted and DNN model is trained with these feature vectors. After training, the DNN model can easily discriminate the attack and normal packets and thereby any malicious attack on the vehicle can be identified. The detection accuracy of the proposed framework is much improved as compared to traditional AI-based systems since the parameters are initially initialized via unsupervised approach of deep belief networks (DBN).
Further, Ghaleb et al. [62] proposed machine learning-based model for misbehavior detection. To detect the misbehavior effectively, regularly new features are updated and derived representing the misbehavior, status of communication. Next, historical data consisting of both normal and attacked traffic data is utilized for training the misbehavior classifier based on feed forward and backpropagation techniques of Artificial Neural Network. Jagielski et al. [63] designed intrusion detection methods using machine learning and physical-based constraints. They provided an extensive analysis of attacks targeting the adaptive cruise control, and the local sensors, namely RADAR, LiDAR, etc. The analysis of attacks revealed the fact that these attacks have a high impact on safety, comfort, and efficiency, etc. For in-vehicle networks, Seo et al. [64] designed intrusion detection system utilizing deep learning approach. For detecting the unknown attacks, the proposed framework only utilizes the normal data. Additionally, Ferdowsi et al. [65] designed the deep reinforcement learning-based system to enhance the robustness of dynamics control for the autonomous vehicles against cyber physical attacks. Game-theoretic environment is utilized for the analysis of the vehicles' reaction to cyber physical attacks in this proposed framework. For in-vehicle networks, Song et al. [60] designed an efficient intrusion detection framework. Time intervals-based analysis is conducted on the CAN messages in this lightweight framework. The analysis is started by capturing CAN messages from the CAR and performing message injection attacks. The significant insights have been derived in this analysis as attacks on the CAN traffic can be detected by carefully deep analysis of time intervals. Results revealed the fact that this lightweight framework has not been suffering from false-positive errors while detecting all of message injection attacks. Next, Kang et al. [61] designed the deep neural network-based intrusion detection framework for enhancing the security level. From the in-vehicle network packets, feature vectors (probability-based) are extracted and DNN model is trained with these feature vectors. After training, the DNN model can easily discriminate the attack and normal packets and thereby any malicious attack on the vehicle can be identified. The detection accuracy of the proposed framework is much improved as compared to traditional AI-based systems since the parameters are initially initialized via unsupervised approach of deep belief networks (DBN).
Further, Ghaleb et al. [62] proposed machine learning-based model for misbehavior detection. To detect the misbehavior effectively, regularly new features are updated and derived representing the misbehavior, status of communication. Next, historical data consisting of both normal and attacked traffic data is utilized for training the misbehavior classifier based on feed forward and backpropagation techniques of Artificial Neural Network. Jagielski et al. [63] designed intrusion detection methods using machine learning Zhu et al. [66] designed an efficient intrusion detection framework utilizing distributed long-short-term-memory. The complexity is reduced in the detection mechanism since only binary CAN messages are utilized in this framework and thereby semantics of messages are not revealed which is a complex procedure. The proposed framework has multidimensional nature since data as well as time dimensions are taken into consideration for detection based on LSTM. The results showed high accuracy in detection. Furthermore, Eziama et al. [67] conducted a comparative analysis considering total five machine learning approaches, namely K-Nearest Neighbor, Linear and Radial Support Vector Machine, model based on Decision Tree, model based on Naive Bayes, and finally, a model based on Random Forest. To distinguish honest as well as malicious data, the recommendation system utilizes different communication nodes. The trust computation measures have been utilized to authenticate the performances of these five models, such as Recall and Precision, Receiver Operating Characteristics (ROCs).
Next, Sherazi et al. [68] proposed an Intrusion Detection framework utilizing Qlearning and fuzzy logic specifically for countering Distributed Denial of Service attacks. The simulations results attest the fact the proposed framework perform well for providing defense against Distributed Denial of Service attacks. Additionally, Khanapuri et al. [69] designed security framework utilizing convolutional neural network and deep neural network. The various sensors (RADAR, LIDAR, etc.) fitted with the smart vehicles play a major role in providing real time sensor data such as relative speed of the neighbors, as well as range, etc. These noisy sensor data are followed a Guassian Distribution and then finally utilized for training the convolutional neural network and deep neural network. Furthermore, Song et al. [70] designed a deep convolutional neural network-based effective intrusion detection framework for enhancing the protection level of the CAN bus. In the proposed framework, deep convolutional neural network model easily identifies the malicious traffic after properly learning the pattern of the traffic data. The proposed framework provides a high detection performance with significant reduction in complexity. Xiao et al. [71] proposed lightweight security framework to counter against attacks on the CAN bus through various accessing points. The proposed security framework is divided into two individual frameworks, namely simplified attention (SIMATT) framework based on the machine learning and second one known as security control unit (SECCU) framework. The use of two individual framework instead of single one reduces the computational cost significantly.
Next, Guo et al. [72] proposed security framework consisting of two parts, namely designing of context-aware trust management model as well as reinforcement learning model. The first model aimed at evaluating the trustworthiness of messages. The second model is used to select the appropriate evaluation strategy in order to ensure the high precision in evaluated results. Katragadda et al. [73] designed sequence mining methodology for detecting low-rate injection attacks in CAN. The efficacy of the proposed approach is measured by gradually changing characteristics of the attacks. Additionally, Rasheed et al. [74] proposed deep reinforcement learning-based framework for maximizing the robustness of control for autonomous vehicle. In this environment, the attacker tries to manipulate the sensor readings of the vehicle for disrupting the optimal working mechanism of autonomous vehicle on the road. By manipulating the sensor readings such as safe distance, etc., accident of autonomous vehicles may happen. Lin et al. [75] proposed effective intrusion detection framework utilizing deep learning for the three specified attacks known as impersonation, Denial of Service, and fuzzy on the CAN traffic. The proposed framework reflects good efficacy in handling premature convergence by using evolutionary optimization algorithm. The results proved the outstanding performance of the proposed framework.
Besides, Hossain et al. [76] proposed Intrusion Detection framework utilizing Long Short-Term Memory for providing protection against CAN bus attacks. First, attack free normal data is extracted from the CAR for generating the genuine data set subsequently attack data is extracted by injecting attacks. This real time genuine data set is used in training the LSTM-based model. Additionally, Angelo et al. [77] proposed an intrusion detection framework utilizing two algorithms. First algorithm aimed at learning the behavior of the traffic data while second is data-driven algorithm. These two algorithms are used to focus on real-time classification of traffic data resulting into prior alert towards the presence of malicious messages. Further, Table 2 illustrates the summary of in-vehicle security solutions based on machine learning algorithm.
From the above extensive research, we get the crucial facts such as the use of machine learning approaches are considered as prominent solution for detecting and predicting several types of attacks on in-vehicle network. Therefore, machine learning-based frameworks are used for analyzing CAN traffic effectively. The effectiveness of machine learning-based approaches is based on several factors. The first crucial factor is the pre-processing methodology adopted for pre-processing the raw CAN data. This is considered as crucial factor since no specification is provided by the automotive manufactures on decoding the raw data features. Supervised machine learning-based approaches are quite time consuming due to labelling of raw CAN data, identification and classification CAN attacks, etc. On the other hand, unsupervised machine learning-based mechanisms use data for finding the common patterns and further utilizing these patterns for classification of CAN traffic and identifying the anomalous behavior.

Survey of Security Solutions Based on Cryptography Techniques
Cryptography algorithms are used to counter the diversified cyber-attacks on the in-vehicle network of smart vehicles. Several security frameworks have been proposed using cryptography algorithms. The hackers are using real time latest advanced techniques to attack on the vehicles and therefore, no standard security framework is available with guaranteed resolutions for latest threats. Researchers are using new advanced cryptographic algorithms in designing security framework to provide protection to CAN bus and thereby protecting the data frames from manipulation. Figure 11 depicts the general asymmetric approach used in securing the vehicle-to-vehicle communication. data for finding the common patterns and further utilizing these patterns for classification of CAN traffic and identifying the anomalous behavior.

Survey of Security Solutions Based on Cryptography Techniques
Cryptography algorithms are used to counter the diversified cyber-attacks on the invehicle network of smart vehicles. Several security frameworks have been proposed using cryptography algorithms. The hackers are using real time latest advanced techniques to attack on the vehicles and therefore, no standard security framework is available with guaranteed resolutions for latest threats. Researchers are using new advanced cryptographic algorithms in designing security framework to provide protection to CAN bus and thereby protecting the data frames from manipulation. Figure 11 depicts the general asymmetric approach used in securing the vehicle-to-vehicle communication. Figure 11. Use of general asymmetric cryptography approach for securing vehicle to vehicle communication.

Encrypted Message
Nilsson et al. [86] proposed a data authentication framework for modification and injection attacks. The proposed data authentication is known as delayed authentication since MAC is derived on a compound of successive messages and sent with other subsequent messages. Next, Herrewege et al. [87] explored the implementation issues of the message authentication protocol for CAN bus. After successful investigation, they find out various constraints which are related with backward compatible message authentication protocol and presented a new message authentication protocol in order to address the existing constraints. Additionally, Hazem et al. [88] designed a new protocol known as message source authentication protocol. The proposed authentication protocol performs well with minimum overhead. The implementation of the proposed protocol does not require neither any modifications in hardware for CAN network nor any changes in existing CAN message sets. Further, Groza et al. [89] utilize symmetric primitives for designing the authentication protocol having two main mechanisms , namely mixing of MAC and splitting of keys. In the proposed protocol, authentication keys are split among multiple groups of nodes results in progressive authentication as compared with traditional approach of authentication for each node independently.
In [90], several different methodologies are presented for preventing the unauthorized data transmission thereby increasing the security level in CAN and in [91], protocol is presented to counter against DoS attacks. Additionally, a secure channel is provided by the proposed protocol between external devices and in-vehicle network components. The proposed protocol consists of two main authentication processes , namely checking the authenticity of transmitter and data validation through message authentication. Further in [92], a centralized framework is presented for CAN with enhanced CAN controller. The monitoring system in the proposed centralized framework utilizes a message Figure 11. Use of general asymmetric cryptography approach for securing vehicle to vehicle communication.
Nilsson et al. [86] proposed a data authentication framework for modification and injection attacks. The proposed data authentication is known as delayed authentication since MAC is derived on a compound of successive messages and sent with other subsequent messages. Next, Herrewege et al. [87] explored the implementation issues of the message authentication protocol for CAN bus. After successful investigation, they find out various constraints which are related with backward compatible message authentication protocol and presented a new message authentication protocol in order to address the existing constraints. Additionally, Hazem et al. [88] designed a new protocol known as message source authentication protocol. The proposed authentication protocol performs well with minimum overhead. The implementation of the proposed protocol does not require neither any modifications in hardware for CAN network nor any changes in existing CAN message sets. Further, Groza et al. [89] utilize symmetric primitives for designing the authentication protocol having two main mechanisms, namely mixing of MAC and splitting of keys. In the proposed protocol, authentication keys are split among multiple groups of nodes results in progressive authentication as compared with traditional approach of authentication for each node independently.
In [90], several different methodologies are presented for preventing the unauthorized data transmission thereby increasing the security level in CAN and in [91], protocol is presented to counter against DoS attacks. Additionally, a secure channel is provided by the proposed protocol between external devices and in-vehicle network components. The proposed protocol consists of two main authentication processes, namely checking the authenticity of transmitter and data validation through message authentication. Further in [92], a centralized framework is presented for CAN with enhanced CAN controller. The monitoring system in the proposed centralized framework utilizes a message authentication code. The mechanism starts by authenticating each ECU in the bus by a node and then message authentication codes are reviewed which are assigned to messages being transmitted in the bus. Figure 12 illustrates the working of centralized framework in detail. authentication code. The mechanism starts by authenticating each ECU in the bus by a node and then message authentication codes are reviewed which are assigned to messages being transmitted in the bus. Figure 12 illustrates the working of centralized framework in detail.  Next, in [93], an advanced framework is proposed which is based on runtime verification to provide security against several attacks on CAN. The proposed framework uses copilot method for performing run time detection. Additionally, in [94] a CAN authentication protocol is presented for providing immunity against attacks. The proposed lightweight authentication protocol is effective against a DoS attack. The proposed authentication protocol has three main stages and through these stages all weak points are addressed to provide secure and robust environment for CAN. Further, authors in [95] designed a security framework for providing security in CAN. For the security of transmitted messages, the proposed framework utilizes a truncated MAC. Additionally, in a data frame, it utilizes a segment of MAC. Therefore, the proposed framework is using two different mechanisms to secure the CAN against malicious attacks. The results attested the fact that the proposed framework effectively handle the replay and tampering attacks. Furthermore, new methodology based on cryptographic techniques is presented in [96] for increasing security in CAN. The proposed lightweight framework uses stream cipher to encrypt messages while protection against external attacks is provided through a key management mechanism. The results shown that the proposed framework is characterized with two main features such as minimum memory requirements as well as high efficiency as compared with other MAC-based schemes. Further Table 3 illustrates the summarized key points of literature representing security solutions based on cryptographic techniques  Next, in [93], an advanced framework is proposed which is based on runtime verification to provide security against several attacks on CAN. The proposed framework uses copilot method for performing run time detection. Additionally, in [94] a CAN authentication protocol is presented for providing immunity against attacks. The proposed lightweight authentication protocol is effective against a DoS attack. The proposed authentication protocol has three main stages and through these stages all weak points are addressed to provide secure and robust environment for CAN. Further, authors in [95] designed a security framework for providing security in CAN. For the security of transmitted messages, the proposed framework utilizes a truncated MAC. Additionally, in a data frame, it utilizes a segment of MAC. Therefore, the proposed framework is using two different mechanisms to secure the CAN against malicious attacks. The results attested the fact that the proposed framework effectively handle the replay and tampering attacks. Furthermore, new methodology based on cryptographic techniques is presented in [96] for increasing security in CAN. The proposed lightweight framework uses stream cipher to encrypt messages while protection against external attacks is provided through a key management mechanism. The results shown that the proposed framework is characterized with two main features such as minimum memory requirements as well as high efficiency as compared with other MAC-based schemes. Further Table 3 illustrates the summarized key points of literature representing security solutions based on cryptographic techniques.

CAN Controller
From the above extensive research, we get the crucial facts such as the use of cryptography approach against security threats to in-vehicle network has all potential advantages except that the CAN bus controller requires additional computational resources. Generally, there are two main components in the Cryptography approach. First is known as Message Authentication Code (MAC) and another is called as cryptosystems having two fields symmetric and asymmetric. Further, Integrity and Authentication is ensured by the MAC while confidentiality is provided by the symmetric and asymmetric cryptosystems. Additionally, session keys can be utilized for providing authentication. For vehicle safety, the load on the CAN bus and latency issue in response time should be within specified limit. Additionally, error detection in data frame transmission is provided by the Cyclic Redundancy Code (CRC) at CAN bus. ECUs are having their own limitations in terms of computational capacity thereby lightweight encryption is one of the solutions for handling this issue since ECUs are core components inside the vehicle handling various functions simultaneously. The bus may be heavily loaded during key exchange and pre-loaded keys in the ECUs can tackle this situation in key distribution environment. The Hardware Security Module (HSM) in ECUs can be effectively utilized for performing encryption and decryption in optimal time and compensating the issue of resource constrained ECUs. Although several significant developments towards security framework based on cryptography algorithms can be seen but cost factor in successful implementation of these schemes cannot be ignored. The proposed scheme works well with only lower number of nodes

Injection, Replay
In the proposed scheme, authentication protocol is designed utilizing MAC mixing and key splitting mechanism.

CAN Bus
Proposed solution is software-based and can be easily applied Secret Keys (Symmetric Pair wise) and MAC [90] No comparative analysis is provided for testbed experiment In the adapted protocol, elliptic curves are implemented with variety of different parameters.

CAN Bus
Simulation is performed using Vector Canoe.
Authentication (Lightweight) [94] No comparative analysis is provided for other types of attacks Denial of Service A new CAN authentication protocol is proposed.

CAN Bus
The proposed scheme utilize two different MAC methods.
Key Management, MAC [95] No comparative analysis is provided for other types of attacks

Replay, Tampering
A new message authentication-based protocol is proposed for CAN.

CAN Bus
The proposed scheme requires less memory and speed is high SHA, RC4, AES-128 [96] No comparative analysis is provided for other types of attacks

CAN Bus
The proposed scheme can change the encrypted messages frequently Symmetric Key (Dynamically Managed) [102] No comparative analysis is provided for other types of attacks Replay 1.
In the proposed scheme, payload data is encrypted using symmetric key.

2.
Key generators are used to dynamically changing the symmetric key.

CAN Bus
The proposed security framework is hardware-based PUFs, ECDH [103] No comparative analysis is provided for other types of attacks Spoofing, Eavesdropping 1.
In the proposed scheme, ECDH is utilized.

2.
In this scheme shared key is not stored.

CAN Bus
The proposed security model block the compromised data on the receiver as well as sender side simultaneously.
Blacklisting, MAC, Whitelisting [104] No comparative analysis is provided for other types of attacks Denial of Service, Man in the Middle

1.
A hardware-based security framework is designed.

2.
For secure booting, trusted hardware modules are used.

CAN Bus
The proposed scheme is evaluated on several embedded systems environment 128-bit key, ChaskeyMAC, Pre-shared [105] No comparative analysis is provided for other types of attacks

Spoofing, Replay
An authentication protocol is proposed for CAN-FD, utilizing ChaskeyMAC.

CAN Bus
In the proposed scheme CAN ID is shuffled using NAS frequently.
HMAC, AES-128, SHA-256, Shuffling-CAN ID, AKEP-2 [106] No comparative analysis is provided for other types of attacks Replay, Impersonation In the proposed scheme, attack surface is dynamically shuffled using one time Id.

CAN Bus
Communication security is provided by group-based approach, effective group key management Keys (Public andPrivate), Gateway-ECU [107] No comparative analysis is provided for other types of attacks

Spoofing, Sniffing, Replay
A new security architecture is proposed in which Gateway-ECU is used for communication among ECUs.

CAN Bus
Experiment is conducted on real hardware.
GHASH, AES-128 [108] Delay Issue, no comparative analysis is provided for other types of attacks Sniffing, Replay, Spoofing In the proposed scheme, encrypted CAN frames are assigned several different priorities for handling the increased delay in the system.

CAN Bus
The proposed scheme does not require any changes to existing hardware.
AKEP2, MAC, Session Keys [109] No comparative analysis is provided for other types of attacks Denial of Service, Masquerade, Bus-Off A new authentication protocol is proposed. No need of any hardware modifications.

CAN Bus
Design optimization is performed in the proposed scheme for ensuring time critical execution of applications HMAC 64 bits, Key distribution process based on Diffie-Hellman [110] No comparative analysis is rovided for other types of attacks Denial of Service, Injection, Replay, Impersonation, Bus off The proposed scheme uses HMAC for ensuring security on CAN bus.

CAN Bus
Sender nodes are authenticated using software-based mechanism AES-128, MAC [111] No comparative analysis is provided for other types of attacks

Concatenation, Injection, Replay
The proposed scheme utilizes the ordered CMAC buffer for authenticating the CAN frames ID.

CAN Bus
The proposed scheme has two significant contributions, namely sender authentication and effective key management MAC, Session Keys [112] No comparative analysis is provided for other types of attacks

Replay, Impersonation
The proposed scheme is characterized with two features, namely authentication of the sender as well as management of keys.

CAN Bus
Overhead of CAN communication is reduced significantly by mixing diversified authentication tags.

SHA-256, MAC, Symmetric Key Cryptography, Bloom
Filters [113] No provision of key distribution and no comparative analysis is provided for other types of attacks

Replay, Man in the Middle
In the proposed scheme, CAN bus data authentication is carried out with the help of Bloom Filters attributes.

CAN, Automotive Ethernet
Mutual identity authentication is provided to all communication parties and session key confidentiality is effectively managed Symmetric Cryptography, Session Keys, AEAD Algorithm [114] No comparative analysis is provided for other types of attacks Eavesdropping, Replay, Man in the Middle, Masquerade The proposed scheme is featured with efficient authentication as well as secure communication.
Session keys are updated regularly.

Security Threats-FlexRay
Eavesdropping [115] and static segment attacks [116] are the two main types of threats in FlexRay. In the case of the former type of attack, FlexRay messages are accessed by the attackers and consequently, the attacker can obtain all the critical information. This attack results in leakages of data, impact on data confidentiality, and also security concerns. In the case of later types of attack, the communication cycle of FlexRay having a static segment is attacked. This attack also includes replay, injection, and masquerading types of attacks. The preventive mechanism for both these types of attacks consists of the implementation of an advanced scheme for authenticating the message within the static segment [117]. Timed Efficient Stream Loss-tolerant Authentication (TESLA) [118] is the authentication protocol.

Security Threats-Local Interconnect Network (LIN)
Three attacks usually occur to LIN, namely message spoofing [119], header collision, and response collision attacks. In the message spoofing attack, the attacker tries to interrupt vehicular communication by sending false unauthorized messages with the only objective of shutting down LIN. This attack is caused by the vulnerabilities in the master-slave model of LIN. In the collision response attack, the hacker tries to exploit the error handling protocol of LIN. In this attack, along with a valid message, the attacker sends an illicit message consisting of a false header concurrently. Consequently, the message transmission is stopped by the legitimate slave node immediately, whereas illegitimate messages will be accepted by all other nodes. In the header collision attack, the hacker tries to create a conflicting situation. The attacker sends an incorrect header to create a conflicting situation since a valid header from the master node is also present in the system. According to the valid header, the response should be released by the specified slave node, on the other hand, an incorrect header states that the changes occur in the source node. This attack may create several life-threatening unwanted functions for the example steering wheel of the vehicle can be locked while the vehicle is driving on the road, opening the sliding doors of the vehicle and much more, these functions not only cause threats to the life of passengers but also damage the overall vehicle. In the corrective mechanism against these types of attacks, the slave node can send unusual signals for overwriting the fake messages of the hacker whenever the value of the bus mismatches from its response [120].

Security Threats-Automotive Ethernet (AE)
Four types of attacks usually occur to Automotive Ethernet such as traffic integrity, traffic confidentiality, network access, and DoS attacks [121]. In the network access attacks, the hacker first establishes a connection with the unsecured port of the switch and then via this connection hacker tries to connect to the Ethernet network. The ultimate objective of the attacker is to get access to the network and subsequently take control over several different nodes or control the network remotely. In the traffic confidentiality attacks, the attacker first gets access to the network and then he attacks the network and tries to overhear activities in the network. The traffic integrity attacks can be considered similar to attacks as a man-inthe-middle. In this type of attack, information is exploited by diverting the traffic towards the compromised node. There are two types of these attacks, namely session hijacking as well as replay attacks. DoS attacks are classified into two categories in Ethernet. In the first category of DoS attack, the attacker tries to disrupt the Ethernet infrastructure and convert it totally into an unusable form. In this attack, the attacker first physically destroys links or hardware. Next, the second category of DoS attack is also known as resource depletion attacks or protocol-based DoS attacks. In this attack, the attacker constantly submits frames for analysis in order to waste energy. The corrective mechanism should consider the authentication, and frame replication along with the virtual local area network segmentation scheme [122].

Security Threats-Media-Oriented Systems Transport (MOST)
Two types of attacks which are generally occurred to MOST, namely jamming and synchronization disruption attacks. In the synchronization disruption attacks, the hacker tries to tamper with the synchronization of MOST by sending the fake timing frames continuously. In jamming attacks, the hacker tries to interrupt low-priority legitimate messages having specified length by continuously delivering misleading messages. Additionally, the hacker may continuously request data channels on MOST transmission via control channels. The corrective mechanism has three main approaches such as source node authentication, exchanged messages should be encrypted, and strict enforcement of firewalls and gateway [123].

Multi-Layered Security Framework
The modern advanced vehicles have complex and sophisticated in-vehicle architecture. Additionally, these vehicles are equipped with highly sensitive sensors, different electronic devices, computer systems, etc. in order to secure these sophisticated systems, a coordinated, systemic integrated cybersecurity framework is needed to design the solutions and to minimize security risks. For the cyber security of in-vehicle networks, a multi-layered approach is the need of the hour. We need an integrated security approach since hackers invade vehicles through cyber and via the physical world. Further, Figure 13 illustrates the multi-layered security framework for in-vehicle networks with corresponding automotive protocols. In the context of scientific novelty, it is highlighted that the multi-layered security framework is proposed based on the findings of critical investigation of existing literature. Each layer addresses a specific type of security threat for in-vehicle communication network. It is highlighted that the multilayer security framework is proposed based on the understanding and knowledge aided by critical analysis and findings of existing approaches for the security of in-vehicle network. We found that the literature is lacking in terms of cohesive multi-layer security framework for in-vehicle network. In this framework, we addressed different security issues of in-vehicle network in specific layers including ECU-boot level security, ECU to ECU communication, domains/sub-domains communication, application software update or version issues, gateway security controller, and vehicle to outside services.
However, it is clarified that in the proposed integrated multilayer security framework, each layer ensures specific functionality and address security threats. This is the reason we divided the framework into six layers staring from ECU-boot level security, ECU to ECU communication, domains/sub-domains communication, application software update/version issues, gateway security controller, and finally in-vehicle network to vehicle outside services security issues. In the Secure Gateway/Domain Controller layer, we are more concerned about security of gateway while at the secure external communication layer, we have a priority to protect the communication channels. In terms of in-general functional roles all automotive protocols are somehow or other play role in all layers due to complex structuring of modern in-vehicular system. However, if we make deep analysis based on maximum effectiveness of automotive protocols in terms of providing functionality to domain/sub-domain of in-vehicular system, then we can identify which specific automotive protocol is more suitable to a layer. Therefore, we used a protocol for a layer with more effective and suitable functionality consideration in mind while developing the framework.

Layers Representation Automotive Protocols
Layer-1 Control Platform Layer FlexRay However, it is clarified that in the proposed integrated multilayer security framework, each layer ensures specific functionality and address security threats. This is the reason we divided the framework into six layers staring from ECU-boot level security, ECU to ECU communication, domains/sub-domains communication, application software update/version issues, gateway security controller, and finally in-vehicle network to vehicle outside services security issues. In the Secure Gateway/Domain Controller layer, we are more concerned about security of gateway while at the secure external communication layer, we have a priority to protect the communication channels. In terms of ingeneral functional roles all automotive protocols are somehow or other play role in all layers due to complex structuring of modern in-vehicular system. However, if we make deep analysis based on maximum effectiveness of automotive protocols in terms of providing functionality to domain/sub-domain of in-vehicular system, then we can identify which specific automotive protocol is more suitable to a layer. Therefore, we used a protocol for a layer with more effective and suitable functionality consideration in mind while developing the framework.

Control Platform Layer
This layer aims at enhancing the security of platform. This layer can be assumed as vehicle main nerve center for securing the in-vehicle network of smart intelligent vehicle against malicious threats. Control layer aspect deals with security solutions for protecting firmware of ECU, enhancing security at booting level, and also security of hardware modules (HM). The original equipment manufacturer (OEM) trusted server and trusted platform module (TPM) chip at ECU play a major role in this mechanism. The secure connection is effectively maintained between these two modules for the exchange of encrypted firmware update image file and data for enhancing security at booting level, ECU firmware, etc. The ECU firmware should be updated frequently to counter the diversified

Control Platform Layer
This layer aims at enhancing the security of platform. This layer can be assumed as vehicle main nerve center for securing the in-vehicle network of smart intelligent vehicle against malicious threats. Control layer aspect deals with security solutions for protecting firmware of ECU, enhancing security at booting level, and also security of hardware modules (HM). The original equipment manufacturer (OEM) trusted server and trusted platform module (TPM) chip at ECU play a major role in this mechanism. The secure connection is effectively maintained between these two modules for the exchange of encrypted firmware update image file and data for enhancing security at booting level, ECU firmware, etc. The ECU firmware should be updated frequently to counter the diversified attacks in current advanced technological automotive era. Further, authenticity of ECU firmware update can be verified via signing/secure flashing mechanism.

Secure ECU to ECU Communication in In-Vehicle Network
This layer ensures message delivery with integrity proof between ECUs. The hackers are targeting a large volume of sensitive information which is actually generated by The ECUs. The security mechanism should ensure the reliability, confidentiality, and integrity of this sensitive information. A hardware security module (HSM) chip should exist in the modern in-vehicle network that work as security controller. The security controller has three main modules, first module is responsible for ECU id authentication and ECU state verification, second module handles encryption/decryption of messages exchanged and third module control the secure flash storage. All messages from the ECUs should be forwarded to HSM chip (security controller). The security controller will analyze the messages and identify the destination ECU. Based on the state of the destination ECU and message security properties, it decides whether the message should be forwarded to the destination ECU or not.

Reliability and Privacy of Communication between Domains/Sub-Domains in In-Vehicle Network
This layer ensures the reliability and privacy of communication between domains/sub domains in the vehicle. A vehicle domains/sub-domain reflects the grouping of functions and systems with respect to specified areas, for example telematics domain, infotainment domain, chassis domain, powertrain domain, sensor domain, and body domain, etc. This layer protects the domains/subdomains by using four security mechanisms as follows: Message authentication system: Cryptographic certificate is used to ensure an authenticated sender and message integrity. This certificate is added to all messages in the network. Encryption: Messages are encrypted inside the vehicles to guard against loss of data and identity theft since messages are distributed with several different ECUs. Detection of intrusion: The corrective mechanism should use the cryptographic accelerators and security subsystems integrated with the microcontroller to guard against threats. Validation at ECU level: In the vehicle network, ECU's validity is checked first at the start of the engine and also afterwards at specified time intervals.

Application Software Reliability and Authenticity
All application software should ensure reliability and authenticity qualities. The hackers are using software download/update features for attacks. The secure mechanism immediately updates the vehicle software whenever any security vulnerabilities is detected. The application software is generally developed by the third-party manufacturer and verified software file image is sent to original equipment manufacturer (OEM) trusted server for uploading. The software update manager module at OEM trusted server sends notification to vehicle owner for the availability of updated software version. After confirmation from the vehicle owner, the updated software version is installed in secure in-vehicle network storage area. In this entire mechanism, security of channels is a prime concern. There are various techniques exists for enhancing the security of channels, namely hash function, digital signatures, blockchain technologies, etc. Additionally, for verifying the trustworthiness of the encryption mechanism, modern advanced microcontrollers have features such as integrity testing in real time, etc.

Secure Gateway /Domain Controller
This layer ensures the security of gateway/domain controller. All modern critical gateways must be equipped with next generation advanced security mechanisms such as advanced key management schemes/firewalls, intrusion detection schemes, etc. The main responsibility of the gateway is to maintain the secure configuration of the system. Context-aware routing is implemented by the gateway, in this routing mechanism, the gateway checks the validity of the messages, and all valid messages are permitted to transfer via the gateway to the corresponding destination through a different number of complex controls. The automotive manufacturers are working towards designing robust and secure gateway controller module. The cryptographic credentials are stored in the secure hardware extension (SHE) chip which is the part of secure gateway controller module. The main role of SHE chip is to protect the cryptographic credentials from the hackers. The public key infrastructures (PKI) of various communication service providers manages the cryptographic credentials inside the SHE chip.

Secure External Communication
This layer ensures secure communication from in-vehicle network to various services outside the vehicle. This layer provides authentication and message validation functionality for protecting message integrity and thereby protecting the communication channels from data manipulation and data theft. Due to these features, vehicle-to-everything communication, telematics, etc. are secured. All communications from in-vehicle communication stack to roadside unit (RSU) must be established via trusted communication authority (TCA) for providing authentication and message validation. Certificates which are used during communication between in-vehicle communication stack and TCA, further between TCA to RSU should be changed frequently for maintaining the integrity of the sender. Additionally, the integrity of the message content can be protected with the help of digital signature.

Open Challenges and Future Research Directions
The rapid development in vehicular communication paves the way for more threats. There is an urgent requirement for the development of security mechanisms to counter these threats. The diverse cyber-attacks on in-vehicle network of smart vehicles may lead to damage to the vehicle as well as possible loss of life. All stack holders should consider the security of in-vehicle networks a high priority. The below section will discuss in detail various challenges and future research directions for in-vehicle network security aspects [124,125]. Figure 14 illustrates the open challenges for in-vehicle network.

Availability of Related Data Sets
The impact of advanced research on the security of vehicles depends on the genuine real-time data sets containing message semantics for experimentation. Unfortunately, the availability of related genuine datasets is the main constraint in advanced research. The CAN bus datasets are the intellectual property of particular automobile manufacturers and therefore these data sets are not available publicly for experimentation. The possible solution to this issue is a collaboration between automobile manufacturers and the researcher. Further, data frames in the in-vehicle networks are generated in milliseconds therefore labelling of data is a complex issue. Although predefined attacks are identified by supervised learning, we have to focus on developing security solutions having the capability of handling new and diversified attacks [124].

Implementation in Real Scenarios/Expensive Experiments
The research advancements for countering cyber-attacks on smart vehicles should be implemented in real scenarios for achieving optimum results. However, the implementation of research solutions in real scenarios has various limitations. A researcher cannot afford to buy a car for conducting experiments. The seamless solution in these circumstances is collaborative efforts between research organizations and automotive manufacturers [

Availability of Related Data Sets
The impact of advanced research on the security of vehicles depends on the genuine real-time data sets containing message semantics for experimentation. Unfortunately, the availability of related genuine datasets is the main constraint in advanced research. The CAN bus datasets are the intellectual property of particular automobile manufacturers and therefore these data sets are not available publicly for experimentation. The possible solution to this issue is a collaboration between automobile manufacturers and the researcher. Further, data frames in the in-vehicle networks are generated in milliseconds therefore labelling of data is a complex issue. Although predefined attacks are identified by supervised learning, we have to focus on developing security solutions having the capability of handling new and diversified attacks [124].

Implementation in Real Scenarios/Expensive Experiments
The research advancements for countering cyber-attacks on smart vehicles should be implemented in real scenarios for achieving optimum results. However, the implementation of research solutions in real scenarios has various limitations. A researcher cannot afford to buy a car for conducting experiments. The seamless solution in these circumstances is collaborative efforts between research organizations and automotive manufacturers [125].

State Aware In-Vehicle Network Cyber Security
Some security approaches do not consider the different vehicle states. Therefore, the efficacy of the security approaches is only limited to specified vehicle states. The security mechanisms should be robust in nature with higher coverage to different vehicle states [116].

The Complexity of Security Solutions
Researchers are proposing a variety of security solutions based on AI/machine learning, neural network, cryptography, etc. The performance of the proposed security solutions can be increased by combining different backbone techniques used in developing security solutions. Several vibrant factors can be considered while developing security solutions such as computational requirements in the proposed security solution should be low [117].

Performance Metrics
The performance of the security solutions can be observed concerning a variety of metrics such as accuracy, recall, precision, F-score, etc. The proposed security solutions should have improved false-positive percentages for detecting attacks. In the real-world scenario, there is a need of developing security solutions having autonomous actions in terms of indicating and mitigating attacks [118].

Portability and Compatibility of Proposed Solutions
The proposed security solutions should have portability and compatibility features, this can be achieved by testing the performance of the proposed security solutions in real-time scenarios. The proposed security solutions should also qualify for the minimum standard mark as per the cyber security standards [119].

Upgraded Hardware Resources
The advanced security solutions need upgraded hardware resources used on invehicle networks. There is a need for scalable hardware resources in in-vehicle networks for supporting new functionality. Research is going on developing next-generation ECU's and gateways for identifying the suspicious messages and thereby stopping the transmission of these fake messages. In the network [120].

Cross-Layer Security
The advanced security solutions are more efficient enough than the traditional approaches since they focus on cross-layer security for providing secure data communications for in-vehicle networks. The traditional security solutions either focus on physical layer or application layer security which is why their efficiency is limited [121].

Diversified Nature of Cyber Attacks
Researchers are now working on developing security solutions to counter as many attack patterns as possible. The rapid development of smart vehicles gives rise to advanced security issues as well. The next-generation security solutions will protect against manipulation of CAN frame semantics [122].

Use of Blockchain in Securing In-Vehicle Communication
Future research directions towards securing CAN bus of in-vehicle networks should include blockchains. Blockchain technology is new technology and has the capability to combat cyber-attacks. Blockchain is defined as a distributed data structure. The blocks in the distributed data structure are in chronological order and chained cryptographically. The main security challenge in utilizing blockchain technology for securing in-vehicle systems is a consensus mechanism. The consensus mechanism utilized in blockchain technology will have a direct impact on the security of the system [123].

Reliability, Latency and Bandwidth Issues
Reliability is the crucial factor for optimal performance of in-vehicle networks, for example, consider the case of ADAS data transmission, if the ADAS data transmission is unreliable then it may result in damage to the vehicle and probable life hazards to passengers. Latency is another important parameter in the vehicle network. All safety components have stringent delay specifications for ensuring optimal reliability. The third important issue is bandwidth, for high bandwidth and communication efficiency additional requirements are needed in in-vehicle networks which raises several challenges [124].

Communication Delay Due to Data encryption and Message Authentication
The communication delay is directly affected by the processing capabilities of the microcontroller since data encryption and message authentication require additional computational resources. Additionally, the size of the data frame is also a crucial factor in communication delay as the transmission mechanism takes additional processing time [125].

Conclusions
Manufacturing of modern smart intelligent vehicles are the result of integration of communication technologies and advanced computing with automotive industries. Initially automotive protocols are designed without considering the security threats, but current scenarios require advanced security schemes for these protocols to counter against malicious attacks. The security schemes are using different technology environments such as using cryptography techniques and machine learning algorithms. For enhancing the security of in-vehicle network, several research articles have been published that have used cryptography and machine learning algorithms for designing security frameworks and still research is going on for finding optimal solutions. Cryptography techniques generally use identifiers in data frames, finding manipulations in sending time, and message authentication, etc. for enhancing the security levels on the other hand machine learning approaches are using different algorithms to design the framework and train the model accordingly with training data. There are two aspects while developing security solutions, namely transfer layer and physical layer security solutions. Applying cryptography approach at transfer layer by utilizing message authentication code, etc. is having various constraints due to the limitation of memory, computational capability, etc. Therefore, it will be good practice to choose security solutions at physical layer. Though significant improvements can be seen in current development of automotive protocols, still there are open research issues such as security against advanced attacks, bandwidth requirements, attack detection and resolution efficiency, latency, compatibility issues, and cost, etc. There is a need of designing the efficient robust security scheme which can handle various issues of automotive protocols as well provide protection against variety of security threats.
In this noble piece of research work, we presented a systematic survey covering the communication vulnerabilities of in-vehicle network, proposed security methods based on machine learning algorithms and cryptography techniques, characteristics of in-vehicle protocols, integrated multilayer security architecture of in-vehicle network, significant insights about improvement of the security level in in-vehicle communication. Finally, we provided the detailed discussions about futuristics potential research directions for securing the in-vehicle communication. Both sectors, including academia and the industry, have shown incredible concerns towards security of in-vehicle network therefore we are sure that this systematic survey will provide a strong base for the research and development team for acquiring valuable inputs regarding security challenges of in-vehicle network and designing enhanced solutions.